This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.
Re: [PATCH] elf-eh-frame, move buffer alloc out of if block
- From: Jakub Jelinek <jakub at redhat dot com>
- To: msnyder at sonic dot net
- Cc: binutils at sourceware dot org
- Date: Sat, 28 Jul 2007 00:32:44 +0200
- Subject: Re: [PATCH] elf-eh-frame, move buffer alloc out of if block
- References: <16917.12.7.175.2.1185571279.squirrel@webmail.sonic.net>
- Reply-to: Jakub Jelinek <jakub at redhat dot com>
On Fri, Jul 27, 2007 at 02:21:19PM -0700, msnyder@sonic.net wrote:
> The else branch also relies on this pointer being non-null, so
> just move the allocation above the if.
>
> 2007-07-27 Michael Snyder <msnyder@access-company.com>
>
> * elf-eh-frame.c (_bfd_elf_discard_section_eh_frame): Move alloc
> above if block, since both branches rely on it.
This is wrong. Only the if (hdr_id == 0) { ... } code ever adds new cies
to the array; the else branch will just goto free_no_table; (failed REQUIRE)
if ecie_count == 0 (on an invalid .eh_frame section):
	  /* Find the corresponding CIE.  */
	  unsigned int cie_offset = this_inf->offset + 4 - hdr_id;
	  for (ecie = ecies; ecie < ecies + ecie_count; ++ecie)
	    if (cie_offset == ecie->offset)
	      break;

	  /* Ensure this FDE references one of the CIEs in this input
	     section.  */
	  REQUIRE (ecie != ecies + ecie_count);
So, if ecies is NULL (which implies an invalid .eh_frame section and also
ecie_count == 0), I don't see anything invalid in the
ecie = NULL assignment or the NULL < NULL + 0 comparison (false); it will
then just do if (NULL == NULL + 0) goto free_no_table;
To me this looks like a Coverity issue.
Jakub
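As an added illustration of the control flow described in the reply above (this is not code from the thread or from binutils), a self-contained model in which only the CIE branch allocates and the FDE branch looks its CIE up; the names cie_entry, entry, process_entries and the two constructed sample sections are assumptions:

```c
#include <stddef.h>
#include <stdlib.h>

struct cie_entry { unsigned int offset; };          /* one parsed CIE (assumed shape) */
struct entry { unsigned int offset; unsigned int hdr_id; };  /* constructed .eh_frame entry */

/* Model of the "Find the corresponding CIE" loop: index of the CIE at
   cie_offset, or -1 if absent. With ecies == NULL and ecie_count == 0 the
   body never runs, so nothing is dereferenced; indexing (rather than
   ecies + ecie_count) also avoids pointer arithmetic on a NULL base. */
int find_cie(const struct cie_entry *ecies, unsigned int ecie_count,
             unsigned int cie_offset)
{
  for (unsigned int i = 0; i < ecie_count; ++i)
    if (ecies[i].offset == cie_offset)
      return (int) i;
  return -1;
}

/* Walk the entries the way the discussed function does: hdr_id == 0 is a
   CIE and is the only place the array grows (lazy allocation, NULL before
   the first CIE); anything else is an FDE whose CIE sits at
   offset + 4 - hdr_id. Returns 1 if every FDE found its CIE, 0 for the
   REQUIRE failure / free_no_table outcome. */
int process_entries(const struct entry *entries, size_t n)
{
  struct cie_entry *ecies = NULL;
  unsigned int ecie_count = 0;
  int ok = 1;

  for (size_t k = 0; k < n && ok; ++k) {
    if (entries[k].hdr_id == 0) {
      struct cie_entry *p = realloc(ecies, (ecie_count + 1) * sizeof *p);
      if (p == NULL) { ok = 0; break; }
      ecies = p;
      ecies[ecie_count++].offset = entries[k].offset;
    } else {
      unsigned int cie_offset = entries[k].offset + 4 - entries[k].hdr_id;
      if (find_cie(ecies, ecie_count, cie_offset) < 0)
        ok = 0;                           /* REQUIRE failed */
    }
  }
  free(ecies);                            /* free(NULL) is a no-op */
  return ok;
}
/* Constructed sections: CIE at 0 then an FDE at 0x18 pointing back to it
   (0x18 + 4 - 0x1c == 0) is valid; a section opening with an FDE never
   allocates ecies, so the lookup runs with NULL/0 and fails cleanly. */
int valid_section(void)   { const struct entry e[] = { {0, 0}, {0x18, 0x1c} }; return process_entries(e, 2); }
int invalid_section(void) { const struct entry e[] = { {0, 0x4} };            return process_entries(e, 1); }
```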